diff --git a/CHANGELOG.md b/CHANGELOG.md index dd8f1211c..3427a08ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Confirmation dialogs for deep link queries, connection imports, and pre-connect scripts +### Fixed + +- MongoDB Atlas connections failing with "TLS certificate verify failed" due to missing CA bundle + ## [0.25.0] - 2026-03-27 ### Added diff --git a/Libs/checksums.sha256 b/Libs/checksums.sha256 index e783c2de2..6bda7f73f 100644 --- a/Libs/checksums.sha256 +++ b/Libs/checksums.sha256 @@ -1,7 +1,7 @@ -064606d4c05f60a73b7bed9574f703d56effde6006a0ada4a660e00e0949bbeb Libs/libbson_arm64.a -0f05902d61adec1359c94f12c9bc7a1ceac86f4b492e2d6c02411a5926a0d728 Libs/libbson_universal.a -2b21d294ed199e46949dfb29d229399d5345c256c39ed07b94a974890fcf5110 Libs/libbson_x86_64.a -0f05902d61adec1359c94f12c9bc7a1ceac86f4b492e2d6c02411a5926a0d728 Libs/libbson.a +36e3a521b8da03bafd0f943c4f3b21c8c573bf9d640c6c9e764c0c3632672849 Libs/libbson_arm64.a +b7716e3f295a54feee85c8771332505be2f9a4a430a088d476d60e358d737c9e Libs/libbson_universal.a +1e502e7fb4edc79639140e18d433a1ed1be2931162daecee71a74d09e9f4c550 Libs/libbson_x86_64.a +b7716e3f295a54feee85c8771332505be2f9a4a430a088d476d60e358d737c9e Libs/libbson.a 8d7e31145470a339f4f57930831936db30412393a339598deece6f650214865a Libs/libcassandra_arm64.a 9bfd7d7cb4a7ee9823b4c5141e942a8534de63395983388722dc7c98e5d7731e Libs/libcassandra_universal.a 7f1d058c77b66273db2b3867103c19f62ed0518fb38611b178ce04029213d5d8 Libs/libcassandra_x86_64.a @@ -26,10 +26,10 @@ b777f7a42766fb08c8e67b2310c67d2d463d77d3554c6092221c3352778622b2 Libs/libmariad 5326ed729b287ae5dbbcf073aaa70dce29a73c7431e446d5958271af19dac8d8 Libs/libmariadb_universal.a 4f7bbb3d73be178d4211c3bd5b2726b4a12db8b808eaa5212bf8e9eb3c570814 Libs/libmariadb_x86_64.a 5326ed729b287ae5dbbcf073aaa70dce29a73c7431e446d5958271af19dac8d8 Libs/libmariadb.a -8e587e9ed0b4291345f16a647bc7ed2dc30edbee87b9887eef94098d574aac13 Libs/libmongoc_arm64.a -553b6636a37886dd44732dddcb97f6e8192dc1b3fbb914042c8da8a9685ce163 Libs/libmongoc_universal.a -ce569e738c0f62f13906095bc33e10f20d62cd32535db89bc6af6231e86c1632 Libs/libmongoc_x86_64.a -553b6636a37886dd44732dddcb97f6e8192dc1b3fbb914042c8da8a9685ce163 Libs/libmongoc.a +9f4c87916ef65eae43b19d7568dc4fd4dffd884dc0cae15913b90965293339a7 Libs/libmongoc_arm64.a +0d7ddc82dc7327a4b5187ffbc68a1419b5e5ff7b2be7b927e16793eef4d34303 Libs/libmongoc_universal.a +635705c7dc8d689efdee5ec1bd8a8cbd0d09ae20db0869480271a293d492de50 Libs/libmongoc_x86_64.a +0d7ddc82dc7327a4b5187ffbc68a1419b5e5ff7b2be7b927e16793eef4d34303 Libs/libmongoc.a 5dbf2cb5ef37d8adbf607db82461b36a3fd7037c11d891383e6e918378a33d78 Libs/libpgcommon_arm64.a 3ca491a723b9d9dfc13b815659b44a82253b540dd6b115f03ac68c5154ec26db Libs/libpgcommon_universal.a 4bfad7376aefa866d1ed0b7e54966ec6c9d70dcfed928e1311c20321bf08881c Libs/libpgcommon_x86_64.a diff --git a/Plugins/MongoDBDriverPlugin/CLibMongoc/include/mongoc/mongoc-config.h b/Plugins/MongoDBDriverPlugin/CLibMongoc/include/mongoc/mongoc-config.h index 6d204796f..38314f8b7 100644 --- a/Plugins/MongoDBDriverPlugin/CLibMongoc/include/mongoc/mongoc-config.h +++ b/Plugins/MongoDBDriverPlugin/CLibMongoc/include/mongoc/mongoc-config.h @@ -78,7 +78,7 @@ * MONGOC_ENABLE_SSL_SECURE_TRANSPORT is set from configure to determine if we are * compiled with Native SSL support on Darwin */ -#define MONGOC_ENABLE_SSL_SECURE_TRANSPORT 0 +#define MONGOC_ENABLE_SSL_SECURE_TRANSPORT 1 #if MONGOC_ENABLE_SSL_SECURE_TRANSPORT != 1 # undef MONGOC_ENABLE_SSL_SECURE_TRANSPORT @@ -89,7 +89,7 @@ * MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO is set from configure to determine if we are * compiled with Native Crypto support on Darwin */ -#define MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO 0 +#define MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO 1 #if MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO != 1 # undef MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO @@ -111,7 +111,7 @@ * MONGOC_ENABLE_SSL_OPENSSL is set from configure to determine if we are * compiled with OpenSSL support. */ -#define MONGOC_ENABLE_SSL_OPENSSL 1 +#define MONGOC_ENABLE_SSL_OPENSSL 0 #if MONGOC_ENABLE_SSL_OPENSSL != 1 # undef MONGOC_ENABLE_SSL_OPENSSL @@ -122,7 +122,7 @@ * MONGOC_ENABLE_CRYPTO_LIBCRYPTO is set from configure to determine if we are * compiled with OpenSSL support. */ -#define MONGOC_ENABLE_CRYPTO_LIBCRYPTO 1 +#define MONGOC_ENABLE_CRYPTO_LIBCRYPTO 0 #if MONGOC_ENABLE_CRYPTO_LIBCRYPTO != 1 # undef MONGOC_ENABLE_CRYPTO_LIBCRYPTO @@ -164,7 +164,7 @@ /* * Use ASN1_STRING_get0_data () rather than the deprecated ASN1_STRING_data */ -#define MONGOC_HAVE_ASN1_STRING_GET0_DATA 1 +#define MONGOC_HAVE_ASN1_STRING_GET0_DATA 0 #if MONGOC_HAVE_ASN1_STRING_GET0_DATA != 1 # undef MONGOC_HAVE_ASN1_STRING_GET0_DATA @@ -338,7 +338,7 @@ * Set if we have zstd compression support * */ -#define MONGOC_ENABLE_COMPRESSION_ZSTD 1 +#define MONGOC_ENABLE_COMPRESSION_ZSTD 0 #if MONGOC_ENABLE_COMPRESSION_ZSTD != 1 # undef MONGOC_ENABLE_COMPRESSION_ZSTD diff --git a/TablePro.xcodeproj/project.pbxproj b/TablePro.xcodeproj/project.pbxproj index 933b3ecc7..714ee645c 100644 --- a/TablePro.xcodeproj/project.pbxproj +++ b/TablePro.xcodeproj/project.pbxproj @@ -2477,8 +2477,10 @@ "$(PROJECT_DIR)/Libs/libmongoc.a", "-force_load", "$(PROJECT_DIR)/Libs/libbson.a", - "-lssl", - "-lcrypto", + "-framework", + Security, + "-framework", + CoreFoundation, "-lresolv", "-lz", ); @@ -2517,8 +2519,10 @@ "$(PROJECT_DIR)/Libs/libmongoc.a", "-force_load", "$(PROJECT_DIR)/Libs/libbson.a", - "-lssl", - "-lcrypto", + "-framework", + Security, + "-framework", + CoreFoundation, "-lresolv", "-lz", ); diff --git a/scripts/build-libmongoc.sh b/scripts/build-libmongoc.sh index 83c9b80c8..6d57f675c 100755 --- a/scripts/build-libmongoc.sh +++ b/scripts/build-libmongoc.sh @@ -19,8 +19,11 @@ run_quiet() { # libbson_arm64.a, libbson_x86_64.a, libbson_universal.a # libmongoc_arm64.a, libmongoc_x86_64.a, libmongoc_universal.a # -# OpenSSL is built from source to match the app's deployment target, -# preventing "Symbol not found" crashes from Homebrew-built libraries. +# Uses macOS SecureTransport (ENABLE_SSL=DARWIN) for TLS so that +# certificate verification uses the system Keychain automatically. +# Note: SecureTransport is deprecated by Apple but still functional on +# macOS 14+. It supports TLS 1.2 (no 1.3). MongoDB Atlas accepts TLS 1.2. +# libmongoc does not support Network.framework as a TLS backend. # # All libraries are built with MACOSX_DEPLOYMENT_TARGET=14.0 to match # the app's minimum deployment target. @@ -35,8 +38,6 @@ run_quiet() { DEPLOY_TARGET="14.0" MONGOC_VERSION="1.28.1" -OPENSSL_VERSION="3.4.1" -OPENSSL_SHA256="002a2d6b30b58bf4bea46c43bdd96365aaf8daa6c428782aa4feee06da197df3" MONGOC_SHA256="a93259840f461b28e198311e32144f5f8dc9fbd74348029f2793774d781bb7da" ARCH="${1:-both}" @@ -46,7 +47,7 @@ LIBS_DIR="$PROJECT_DIR/Libs" BUILD_DIR="$(mktemp -d)" NCPU=$(sysctl -n hw.ncpu) -echo "🔧 Building static libmongoc $MONGOC_VERSION + OpenSSL $OPENSSL_VERSION" +echo "🔧 Building static libmongoc $MONGOC_VERSION (SecureTransport)" echo " Deployment target: macOS $DEPLOY_TARGET" echo " Architecture: $ARCH" echo " Build dir: $BUILD_DIR" @@ -61,12 +62,6 @@ trap cleanup EXIT download_sources() { echo "📥 Downloading source tarballs..." - if [ ! -f "$BUILD_DIR/openssl-$OPENSSL_VERSION.tar.gz" ]; then - curl -fSL "https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz" \ - -o "$BUILD_DIR/openssl-$OPENSSL_VERSION.tar.gz" - fi - echo "$OPENSSL_SHA256 $BUILD_DIR/openssl-$OPENSSL_VERSION.tar.gz" | shasum -a 256 -c - - if [ ! -f "$BUILD_DIR/mongo-c-driver-$MONGOC_VERSION.tar.gz" ]; then curl -fSL "https://github.com/mongodb/mongo-c-driver/releases/download/$MONGOC_VERSION/mongo-c-driver-$MONGOC_VERSION.tar.gz" \ -o "$BUILD_DIR/mongo-c-driver-$MONGOC_VERSION.tar.gz" @@ -76,46 +71,8 @@ download_sources() { echo "✅ Sources downloaded" } -build_openssl() { - local arch=$1 - local prefix="$BUILD_DIR/install-openssl-$arch" - - echo "" - echo "🔨 Building OpenSSL $OPENSSL_VERSION for $arch..." - - # Extract fresh copy for this arch - rm -rf "$BUILD_DIR/openssl-$OPENSSL_VERSION-$arch" - mkdir -p "$BUILD_DIR/openssl-$OPENSSL_VERSION-$arch" - tar xzf "$BUILD_DIR/openssl-$OPENSSL_VERSION.tar.gz" -C "$BUILD_DIR/openssl-$OPENSSL_VERSION-$arch" --strip-components=1 - - cd "$BUILD_DIR/openssl-$OPENSSL_VERSION-$arch" - - local target - if [ "$arch" = "arm64" ]; then - target="darwin64-arm64-cc" - else - target="darwin64-x86_64-cc" - fi - - MACOSX_DEPLOYMENT_TARGET=$DEPLOY_TARGET \ - ./Configure \ - "$target" \ - no-shared \ - no-tests \ - no-apps \ - no-docs \ - --prefix="$prefix" \ - -mmacosx-version-min=$DEPLOY_TARGET > /dev/null 2>&1 - - run_quiet make -j"$NCPU" - run_quiet make install_sw - - echo "✅ OpenSSL $arch: $(ls -lh "$prefix/lib/libssl.a" | awk '{print $5}') (libssl) $(ls -lh "$prefix/lib/libcrypto.a" | awk '{print $5}') (libcrypto)" -} - build_mongoc() { local arch=$1 - local openssl_prefix="$BUILD_DIR/install-openssl-$arch" local prefix="$BUILD_DIR/install-mongoc-$arch" echo "" @@ -139,12 +96,6 @@ build_mongoc() { mkdir -p "$build_dir" cd "$build_dir" - # Resolve OpenSSL library path (may be lib/ or lib64/) - local openssl_lib_dir="$openssl_prefix/lib" - if [ -f "$openssl_prefix/lib64/libssl.a" ]; then - openssl_lib_dir="$openssl_prefix/lib64" - fi - run_quiet env MACOSX_DEPLOYMENT_TARGET=$DEPLOY_TARGET \ cmake .. \ -DCMAKE_INSTALL_PREFIX="$prefix" \ @@ -159,13 +110,9 @@ build_mongoc() { -DENABLE_SRV=ON \ -DENABLE_ZLIB=SYSTEM \ -DENABLE_ZSTD=OFF \ - -DENABLE_SSL=OPENSSL \ + -DENABLE_SSL=DARWIN \ -DENABLE_TESTS=OFF \ - -DENABLE_EXAMPLES=OFF \ - -DOPENSSL_ROOT_DIR="$openssl_prefix" \ - -DOPENSSL_INCLUDE_DIR="$openssl_prefix/include" \ - -DOPENSSL_SSL_LIBRARY="$openssl_lib_dir/libssl.a" \ - -DOPENSSL_CRYPTO_LIBRARY="$openssl_lib_dir/libcrypto.a" + -DENABLE_EXAMPLES=OFF run_quiet cmake --build . --parallel "$NCPU" run_quiet cmake --install . @@ -226,7 +173,6 @@ create_universal() { build_for_arch() { local arch=$1 - build_openssl "$arch" build_mongoc "$arch" install_libs "$arch" # Install headers once (they're arch-independent)